package com.duan.config;

import com.duan.handler.MyAccessDeniedHandler;
import com.duan.handler.MyAuthenticationFailureHandler;
import com.duan.handler.MyAuthenticationSuccessHandler;
import com.duan.handler.MyLogoutSuccessHandler;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

/**
 * @author db
 * @version 1.0
 * @description SecurityConfig
 * @since 2024/7/15
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig  extends WebSecurityConfigurerAdapter {


    //配置用户信息服务
    @Bean
    public UserDetailsService userDetailsService() {
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        manager.createUser(User.withUsername("cxykk").password(passwordEncoder().encode("123qwe")).authorities("user:insert", "user:update").build());
        manager.createUser(User.withUsername("cxydb").password(passwordEncoder().encode("123qaz")).authorities("p2").build());
//        manager.createUser(User.withUsername("cxykk").password(passwordEncoder().encode("123qwe")).roles("user_mag").build());
//        manager.createUser(User.withUsername("cxydb").password(passwordEncoder().encode("123qaz")).roles("p2").build());
        return manager;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //禁用csrf保护
        http.csrf().disable();

        // 请求url权限控制
        http.authorizeRequests()
                .antMatchers("/login.html").permitAll()
                .antMatchers("/login").permitAll()
                .antMatchers("/fail").permitAll()
                .antMatchers("/logoutSuccess").permitAll()
//                .antMatchers("/user/insert").hasAuthority("user:insert")
//                .antMatchers("/user/update").hasAuthority("user:update")
//                .antMatchers("/user/delete").hasAuthority("user:delete")
//                .antMatchers("/user/list").hasAuthority("user:list")
//                .antMatchers("/user/insert").hasRole("user_mag")
//                .antMatchers("/user/update").hasRole("user_mag")
//                .antMatchers("/user/delete").hasAuthority("hr")
//                .antMatchers("/user/list").hasAuthority("hr")
                .anyRequest().authenticated();

        //用户登录控制
        http.formLogin()
                .loginPage("/login.html")
                .loginProcessingUrl("/login")
//                .successForwardUrl("/success")
                .successHandler(new MyAuthenticationSuccessHandler())
//                .failureForwardUrl("/fail")
                .failureHandler(new MyAuthenticationFailureHandler());

        http.logout()
//                .logoutSuccessUrl("/logoutSuccess")
                .logoutSuccessHandler(new MyLogoutSuccessHandler());

        http.exceptionHandling()
                .accessDeniedPage("/nopermission.html")
                .accessDeniedHandler(new MyAccessDeniedHandler());

    }



}



